Short Name |
DNS:TUNNEL:SHORT-TTL |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
DNS |
Keywords |
Short Time To Live Response |
Release Date |
2013/12/04 |
Update Number |
2324 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects DNS responses with very short Time To Live (TTL) values. This is not normal for DNS and is indicative of DNS tunneling. Dropping these packets will usually block the tunnel.
The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes.